The report found that across all industries surveyed, government organizations received one of the lowest security scores. In particular, government agencies ranked significantly low in network security (13th), application security (11th), leaked credentials (12th), patching cadence (16th), endpoint security (17th), and “hacker chatter” (18th).

Source: 2017 U.S. State and Federal Government Cybersecurity Report, SecurityScorecard

However, the government sector ranked above average in three of the 10 categories: DNS health (2nd), social engineering (3rd) and cubit score (2nd), which is a measure of exposed administrative portals and domains.

Furthermore, of the 500 government agencies observed, the U.S. Secret Service, the Federal Reserve and the IRS were among the top 10 for best overall scores.

“On an almost daily basis, the institutions that underpin the nation’s election system, military, finances, emergency response, transportation, and many more, are under constant attack from nation-states, criminal organizations, and hacktivists,” said Sam Kassoumeh, COO and co-founder at SecurityScorecard, in a press release.

“Government agencies provide mission-critical services that, until they are compromised, most people take for granted. This report is designed to educate elected officials, agency leadership, as well as government security professionals about the state of security in the government sector,” Kassoumeh said.

Lumping local, state, and federal government together introduces problems to the paper's structure and findings… this is highlighted by having several federal agencies assessed to be the strongest performers. Securing state and local government information systems is not regulated by the federal government, further conflating the “government” grade and obfuscating the role the federal government has taken in strengthening private sector critical infrastructure information systems.